1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
|
---
title: '<iframe>: The Inline Frame element'
slug: Web/HTML/Element/iframe
translation_of: Web/HTML/Element/iframe
original_slug: Web/HTML/Елемент/iframe
---
<div>{{HTMLRef}}</div>
<p><span class="seoSummary">Элемент <strong>встроенного фрейма HTML ( <code><iframe></code>)</strong> представляет собой вложенный {{Glossary("контекст просмотра")}}, встраивающий другую HTML-страницу в текущую.</span></p>
<div>{{EmbedInteractiveExample("pages/tabbed/iframe.html", "tabbed-standard")}}</div>
<div class="hidden">Исходный код этого интерактивного примера хранится в репозитории GitHub. Если вы хотите внести свой вклад в проект интерактивных примеров, клонируйте <a href="https://github.com/mdn/interactive-examples">https://github.com/mdn/interactive-examples</a> и отправьте нам запрос на перенос.</div>
<p>Каждый встроенный контекст просмотра имеет собственную <a href="/en-US/docs/Web/API/History">историю сеанса</a> и <a href="/en-US/docs/Web/API/Document">документ</a> . Контекст просмотра, в который встроены остальные, называется <em><dfn>родительским</dfn> контекстом просмотра</em> . Самый <em>верхний</em> контекст просмотра - тот, у которого нет родителя - обычно это окно браузера, представленное объектом {{domxref("Window")}}.</p>
<div class="blockIndicator warning">
<p>Поскольку каждый контекст просмотра представляет собой полную среду документа, каждый <code><iframe></code>элемент на странице требует увеличения памяти и других вычислительных ресурсов. Хотя теоретически вы можете использовать сколько <code><iframe></code>угодно s, проверьте, нет ли проблем с производительностью.</p>
</div>
<table class="properties">
<tbody>
<tr>
<th scope="row"><a href="/en-US/docs/Web/HTML/Content_categories">Категории контента</a></th>
<td><a href="/en-US/docs/Web/HTML/Content_categories#Flow_content">Контент потока</a> , <a href="/en-US/docs/Web/HTML/Content_categories#Phrasing_content">фразовый контент</a> , встроенный контент, интерактивный контент, осязаемый контент.</td>
</tr>
<tr>
<th scope="row">Разрешенный контент</th>
<td>Никто.</td>
</tr>
<tr>
<th scope="row">Отсутствие тега</th>
<td>{{no_tag_omission}}</td>
</tr>
<tr>
<th scope="row">Разрешенные родители</th>
<td>Любой элемент, который принимает встроенный контент.</td>
</tr>
<tr>
<th scope="row">Неявная роль ARIA</th>
<td><a href="https://www.w3.org/TR/html-aria/#dfn-no-corresponding-role">Нет соответствующей роли</a></td>
</tr>
<tr>
<th scope="row">Разрешенные роли ARIA</th>
<td>{{ARIARole("application")}}, {{ARIARole("document")}}, {{ARIARole("img")}}, {{ARIARole("none")}}, {{ARIARole("presentation")}}</td>
</tr>
<tr>
<th scope="row">DOM интерфейс</th>
<td>{{domxref("HTMLIFrameElement")}}</td>
</tr>
</tbody>
</table>
<h2 id="Атрибуты">Атрибуты</h2>
<p>Этот элемент включает <a href="/en-US/docs/Web/HTML/Global_attributes">глобальные атрибуты</a> .</p>
<dl>
<dt>{{htmlattrdef("allow")}}</dt>
<dd>Задает <a href="/en-US/docs/Web/HTTP/Feature_Policy">политику функций</a> для <code><iframe></code>. Политика определяет, какие функции доступны, в <code><iframe></code>зависимости от источника запроса (например, доступ к микрофону, камере, батарее, API общего доступа и т. Д.).<br>
<br>
Для получения дополнительной информации и примеров см .: <a href="/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy">Использование политики функций</a> > <a href="https://wiki.developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy#The_iframe_allow_attribute">Атрибут разрешения iframe</a> .</dd>
<dt>{{htmlattrdef("allowfullscreen")}}</dt>
<dd>Установите значение, <code>true</code>если <code><iframe></code>можно активировать полноэкранный режим путем вызова метода {{domxref("Element.requestFullscreen", "requestFullscreen ()")}}.</dd>
<dd>
<div class="note">Этот атрибут считается устаревшим и переопределяется как <code>allow="fullscreen"</code>.</div>
</dd>
<dt>{{htmlattrdef("allowpaymentrequest")}}</dt>
<dd>Установите, <code>true</code>если <code><iframe></code>необходимо разрешить перекрестному источнику вызывать <a href="/en-US/docs/Web/API/Payment_Request_API">API запроса платежа</a> .</dd>
<dd>
<div class="note">Этот атрибут считается устаревшим и переопределяется как <code>allow="payment"</code>.</div>
</dd>
<dt>{{htmlattrdef("csp")}} {{experimental_inline}}</dt>
<dd><a href="/en-US/docs/Web/HTTP/CSP">Содержание политики безопасности</a> применяются для внедренного ресурса. Подробнее см. {{Domxref("HTMLIFrameElement.csp")}}.</dd>
<dt>{{htmlattrdef("height")}}</dt>
<dd>Высота фрейма в пикселях CSS. По умолчанию <code>150</code>.</dd>
<dt>{{htmlattrdef("loading")}} {{experimental_inline}}</dt>
<dd>Указывает, как браузер должен загружать iframe:
<ul>
<li><code>eager</code>: Немедленно загрузить iframe, независимо от того, находится ли он за пределами видимого окна просмотра (это значение по умолчанию).</li>
<li><code>lazy</code>: Отложить загрузку iframe до тех пор, пока он не достигнет расчетного расстояния от области просмотра, как определено браузером.</li>
</ul>
</dd>
<dt>{{htmlattrdef("name")}}</dt>
<dd>Целевое имя для встроенного контекста просмотра. Его можно использовать в <code>target</code>атрибуте элементов {{HTMLElement("a")}}, {{HTMLElement("form")}} или {{HTMLElement("base")}}; <code>formtarget</code>атрибутом {{HTMLElement( "input")}} или {{HTMLElement("button")}} элементов; или <code>windowName</code>параметр в методе {{domxref("Window.open ()", "window.open ()")}}.</dd>
<dt id="attr-referrer">{{htmlattrdef("referrerpolicy")}}</dt>
<dd>Указывает, какой <a href="/en-US/docs/Web/API/Document/referrer">реферер</a> отправлять при выборке ресурса кадра:
<ul>
<li><code>no-referrer</code>: Заголовок {{HTTPHeader("Referer")}} не будет отправлен.</li>
<li><code>no-referrer-when-downgrade</code> (default): The {{HTTPHeader("Referer")}} header will not be sent to {{Glossary("origin")}}s without {{Glossary("TLS")}} ({{Glossary("HTTPS")}}).</li>
<li><code>origin</code>: The sent referrer will be limited to the origin of the referring page: its <a href="/en-US/docs/Archive/Mozilla/URIScheme">scheme</a>, {{Glossary("host")}}, and {{Glossary("port")}}.</li>
<li><code>origin-when-cross-origin</code>: The referrer sent to other origins will be limited to the scheme, the host, and the port. Navigations on the same origin will still include the path.</li>
<li><code>same-origin</code>: A referrer will be sent for {{Glossary("Same-origin policy", "same origin")}}, but cross-origin requests will contain no referrer information.</li>
<li><code>strict-origin</code>: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).</li>
<li><code>strict-origin-when-cross-origin</code>: Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).</li>
<li><code>unsafe-url</code>: The referrer will include the origin <em>and</em> the path (but not the <a href="/en-US/docs/Web/API/HTMLHyperlinkElementUtils/hash">fragment</a>, <a href="/en-US/docs/Web/API/HTMLHyperlinkElementUtils/password">password</a>, or <a href="/en-US/docs/Web/API/HTMLHyperlinkElementUtils/username">username</a>). <strong>This value is unsafe</strong>, because it leaks origins and paths from TLS-protected resources to insecure origins.</li>
</ul>
</dd>
<dt>{{htmlattrdef("sandbox")}}</dt>
<dd>Applies extra restrictions to the content in the frame. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions:
<ul>
<li><code>allow-downloads-without-user-activation</code> {{experimental_inline}}: Allows for downloads to occur without a gesture from the user.</li>
<li><code>allow-downloads</code>: Allows for downloads to occur with a gesture from the user.</li>
<li><code>allow-forms</code>: Allows the resource to submit forms. If this keyword is not used, form submission is blocked.</li>
<li><code>allow-modals</code>: Lets the resource <a href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag">open modal windows</a>.</li>
<li><code>allow-orientation-lock</code>: Lets the resource <a href="/en-US/docs/Web/API/Screen/lockOrientation">lock the screen orientation</a>.</li>
<li><code>allow-pointer-lock</code>: Lets the resource use the <a href="/en-US/docs/WebAPI/Pointer_Lock">Pointer Lock API</a>.</li>
<li><code>allow-popups</code>: Allows popups (such as <code>window.open()</code>, <code>target="_blank"</code>, or <code>showModalDialog()</code>). If this keyword is not used, the popup will silently fail to open.</li>
<li><code>allow-popups-to-escape-sandbox</code>: Lets the sandboxed document open new windows without those windows inheriting the sandboxing. For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.</li>
<li><code>allow-presentation</code>: Lets the resource start a <a href="/en-US/docs/Web/API/PresentationRequest">presentation session</a>.</li>
<li><code>allow-same-origin</code>: If this token is not used, the resource is treated as being from a special origin that always fails the {{Glossary("same-origin policy")}}.</li>
<li><code>allow-scripts</code>: Lets the resource run scripts (but not create popup windows).</li>
<li><code>allow-storage-access-by-user-activation</code> {{experimental_inline}}: Lets the resource request access to the parent's storage capabilities with the <a href="/en-US/docs/Web/API/Storage_Access_API">Storage Access API</a>.</li>
<li><code>allow-top-navigation</code>: Lets the resource navigate the top-level browsing context (the one named <code>_top</code>).</li>
<li><code>allow-top-navigation-by-user-activation</code>: Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture.</li>
</ul>
<div class="note"><strong>Notes about sandboxing:</strong>
<ul>
<li>When the embedded document has the same origin as the embedding page, it is <strong>strongly discouraged</strong> to use both <code>allow-scripts</code> and <code>allow-same-origin</code>, as that lets the embedded document remove the <code>sandbox</code> attribute — making it no more secure than not using the <code>sandbox</code> attribute at all.</li>
<li>Sandboxing is useless if the attacker can display content outside a sandboxed <code>iframe</code> — such as if the viewer opens the frame in a new tab. Such content should be also served from a <em>separate origin</em> to limit potential damage.</li>
<li>The <code>sandbox</code> attribute is unsupported in Internet Explorer 9 and earlier.</li>
</ul>
</div>
</dd>
<dt>{{htmlattrdef("src")}}</dt>
<dd>The URL of the page to embed. Use a value of <code>about:blank</code> to embed an empty page that conforms to the <a href="/en-US/docs/Web/Security/Same-origin_policy#Inherited_origins">same-origin policy</a>. Also note that programatically removing an <code><iframe></code>'s src attribute (e.g. via {{domxref("Element.removeAttribute()")}}) causes <code>about:blank</code> to be loaded in the frame in Firefox (from version 65), Chromium-based browsers, and Safari/iOS.</dd>
<dt>{{htmlattrdef("srcdoc")}}</dt>
<dd>Inline HTML to embed, overriding the <code>src</code> attribute. If a browser does not support the <code>srcdoc</code> attribute, it will fall back to the URL in the <code>src</code> attribute.</dd>
<dt>{{htmlattrdef("width")}}</dt>
<dd>The width of the frame in CSS pixels. Default is <code>300</code>.</dd>
</dl>
<h3 id="Deprecated_attributes">Deprecated attributes</h3>
<p>These attributes are deprecated and may no longer be supported by all user agents. You should not use them in new content, and try to remove them from existing content.</p>
<dl>
<dt>{{htmlattrdef("align")}} {{deprecated_inline}}</dt>
<dd>The alignment of this element with respect to the surrounding context.</dd>
<dt>{{htmlattrdef("frameborder")}} {{deprecated_inline}}</dt>
<dd>The value <code>1</code> (the default) draws a border around this frame. The value <code>0</code> removes the border around this frame, but you should instead use the CSS property {{cssxref("border")}} to control <code><iframe></code> borders.</dd>
<dt>{{htmlattrdef("longdesc")}} {{deprecated_inline}}</dt>
<dd>A URL of a long description of the frame's content. Due to widespread misuse, this is not helpful for non-visual browsers.</dd>
<dt>{{htmlattrdef("marginheight")}} {{deprecated_inline}}</dt>
<dd>The amount of space in pixels between the frame's content and its top and bottom borders.</dd>
<dt>{{htmlattrdef("marginwidth")}} {{deprecated_inline}}</dt>
<dd>The amount of space in pixels between the frame's content and its left and right borders.</dd>
<dt>{{htmlattrdef("scrolling")}} {{deprecated_inline}}</dt>
<dd>Indicates when the browser should provide a scrollbar for the frame:
<ul>
<li><code>auto</code>: Only when the frame's content is larger than its dimensions.</li>
<li><code>yes</code>: Always show a scrollbar.</li>
<li><code>no</code>: Never show a scrollbar.</li>
</ul>
</dd>
</dl>
<h3 id="Non-standard_attributes">Non-standard attributes</h3>
<dl>
<dt>{{htmlattrdef("mozbrowser")}} {{non-standard_inline}}</dt>
<dd>
<div class="note">See {{bug(1318532)}} for exposing this to WebExtensions in Firefox.</div>
Makes the <code><iframe></code> act like a top-level browser window. See <a href="/en-US/docs/Mozilla/Gecko/Chrome/API/Browser_API">Browser API</a> for details.<br>
<strong>Available only to <a href="/en-US/docs/Mozilla/Add-ons/WebExtensions">WebExtensions</a>.</strong></dd>
</dl>
<h2 id="Scripting">Scripting</h2>
<p>Inline frames, like {{HTMLElement("frame")}} elements, are included in the {{domxref("window.frames")}} pseudo-array.</p>
<p>With the DOM {{domxref("HTMLIFrameElement")}} object, scripts can access the {{domxref("window")}} object of the framed resource via the {{domxref("HTMLIFrameElement.contentWindow", "contentWindow")}} property. The {{domxref("HTMLIFrameElement.contentDocument", "contentDocument")}} property refers to the <code>document</code> inside the <code><iframe></code>, same as <code>contentWindow.document</code>.</p>
<p>From the inside of a frame, a script can get a reference to its parent window with {{domxref("window.parent")}}.</p>
<p>Script access to a frame's content is subject to the <a href="/en-US/docs/Web/Security/Same-origin_policy">same-origin policy</a>. Scripts cannot access most properties in other <code>window</code> objects if the script was loaded from a different origin, including scripts inside a frame accessing the frame's parent. Cross-origin communication can be achieved using {{domxref("Window.postMessage()")}}.</p>
<h2 id="Positioning_and_scaling">Positioning and scaling</h2>
<p>As a <a href="/en-US/docs/Web/CSS/Replaced_element">replaced element</a>, the position, alignment, and scaling of the embedded document within the <code><iframe></code> element's box, can be adjusted with the {{cssxref("object-position")}} and {{cssxref("object-fit")}} properties.</p>
<h2 id="Examples">Examples</h2>
<h3 id="Example1" name="Example1">A simple <iframe></h3>
<p>An <code><iframe></code> in action. After creating the frame, when the user clicks a button, its title is displayed in an alert.</p>
<h4 id="HTML">HTML</h4>
<div id="htmlOutputWrapper">
<pre class="brush: html notranslate"><iframe src="https://mdn-samples.mozilla.org/snippets/html/iframe-simple-contents.html"
title="iframe Example 1" width="400" height="300">
</iframe></pre>
</div>
<h4 id="Result">Result</h4>
<p>{{EmbedLiveSample('Example1', 640,400)}}</p>
<h2 id="Accessibility_concerns">Accessibility concerns</h2>
<p>People navigating with assistive technology such as a screen reader can use the <a href="/en-US/docs/Web/HTML/Global_attributes/title"><code>title</code> attribute</a> on an <code><iframe></code> to label its content. The title's value should concisely describe the embedded content:</p>
<div id="htmlOutputWrapper">
<pre class="brush: html notranslate"><iframe title="Wikipedia page for Avocados" src="https://en.wikipedia.org/wiki/Avocado"></iframe></pre>
</div>
<p>Without this title, they have to navigate into the <code><iframe></code> to determine what its embedded content is. This context shift can be confusing and time-consuming, especially for pages with multiple <code><iframe></code>s and/or if embeds contain interactive content like video or audio.</p>
<h2 id="Specifications">Specifications</h2>
<table class="standard-table">
<thead>
<tr>
<th scope="col">Specification</th>
<th scope="col">Status</th>
<th scope="col">Comment</th>
</tr>
</thead>
<tbody>
<tr>
<td>{{SpecName('Referrer Policy', '#referrer-policy-delivery-referrer-attribute', 'referrerpolicy attribute')}}</td>
<td>{{Spec2('Referrer Policy')}}</td>
<td>Added the <code>referrerpolicy</code> attribute.</td>
</tr>
<tr>
<td>{{SpecName('HTML WHATWG', 'iframe-embed-object.html#the-iframe-element', '<iframe>')}}</td>
<td>{{Spec2('HTML WHATWG')}}</td>
<td></td>
</tr>
<tr>
<td>{{SpecName('HTML5 W3C', 'semantics-embedded-content.html#the-iframe-element', '<iframe>')}}</td>
<td>{{Spec2('HTML5 W3C')}}</td>
<td></td>
</tr>
<tr>
<td>{{SpecName('HTML4.01', 'present/frames.html#h-16.5', '<iframe>')}}</td>
<td>{{Spec2('HTML4.01')}}</td>
<td></td>
</tr>
<tr>
<td>{{SpecName('Screen Orientation')}}</td>
<td>{{Spec2('Screen Orientation')}}</td>
<td>Adds <code>allow-orientation-lock</code> to the <code>sandbox</code> attribute.</td>
</tr>
</tbody>
</table>
<h2 id="Browser_compatibility">Browser compatibility</h2>
<p>{{Compat("html.elements.iframe", 3)}}</p>
<h2 id="Смотрите_также">Смотрите также</h2>
<ul>
<li><a href="/en-US/docs/Web/Privacy">Конфиденциальность, разрешения и информационная безопасность</a></li>
</ul>
|
